On Thursday, August 20, 2015 11:52 AM, linux-rdma-owner@xxxxxxxxxxxxxxx <linux-rdma-owner@xxxxxxxxxxxxxxx> on behalf of Sagi Grimberg <sagig@xxxxxxxxxxxxxxxxxx> wrote:
> On 8/19/2015 7:37 PM, Christoph Hellwig wrote:
>> We have many WR opcodes that are only supported in kernel space
>> and/or require optional information to be copied into the WR
>> structure. Reject all those not explicitly handled so that we
>> can't pass invalid information to drivers.
>>
>> Cc: stable@xxxxxxxxxxxxxxx
>> Signed-off-by: Christoph Hellwig <hch@xxxxxx>
>> ---
>> drivers/infiniband/core/uverbs_cmd.c | 9 ++++++++-
>> 1 file changed, 8 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
>> index a15318a..f9f3921 100644
>> --- a/drivers/infiniband/core/uverbs_cmd.c
>> +++ b/drivers/infiniband/core/uverbs_cmd.c
>> @@ -2372,6 +2372,12 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
>> next->send_flags = user_wr->send_flags;
>>
>> if (is_ud) {
>> + if (next->opcode != IB_WR_SEND &&
>> + next->opcode != IB_WR_SEND_WITH_IMM) {
>> + ret = -EINVAL;
>> + goto out_put;
>> + }
>> +
>> next->wr.ud.ah = idr_read_ah(user_wr->wr.ud.ah,
>> file->ucontext);
>> if (!next->wr.ud.ah) {
>> @@ -2413,7 +2419,8 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
>> next->wr.atomic.rkey = user_wr->wr.atomic.rkey;
>> break;
>> default:
>> - break;
>> + ret = -EINVAL;
>> + goto out_put;
>> }
>> }
>>
>>
>
> Reviewed-by: Sagi Grimberg <sagig@xxxxxxxxxxxx>
>
> Haggai, can you also have a look?
It looks like the default case in the non-UD branch is currently used to handle plain IB_WR_SEND operations, so the patch would cause these to return an error.
Haggai--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html